iPhone Rootkit

I just got done reading the Phrack article on MacOS X Rootkits I blogged about a while ago. It was a very good article, and I’m sure a lot of the techniques can be tweaked to work on an iPhone. This got me wondering about iPhone rootkits. Would they be harder or easier to detect/program? I think they would probably be easier to program. Why would you even need to hide the files or processes or even ports that the rootkit uses? Users can’t really access the filesystem or terminal to see those sorts of things. Detection, however, is a different story. Since you’d most likely have to jailbreak the iPhone either using traditional software or an exploit, it should be easy to detect. The real way to hide would be to make iTunes think everything was normal. This includes backups of the device sent to iTunes and all communication with iTunes.

There is another Phrack article I haven’t read yet called Persistent BIOS Infection. I wonder if there is a way for persistent iPhone infection! Definitely something to look in to.